Toolkit for developing Connect2id Server connectors and extensions
- Java Service Provider Interface (SPI) for sourcing OpenID Connect claims
about a subject (end-user), such as email, name, phone number and address.
Used by the Connect2id Server in its OpenID Connect Provider (OP) role to
aggregate claims from one or more sources (LDAP, RDMBS, etc).
- SPI for handling resource owner password credential grants (see RFC 6749,
section 4.3). Used by the Connect2id Server to delegate validation of the
submitted username / password and authorisation for the requested token.
- SPI for handling client credential grants (see RFC 6749, section 4.4). Used
by the Connect2id Server to delegate authorisation for the requested token.
- SPI for handling client-issued (self-issued) JWT bearer assertion grants
(see RFC 7523, section 2.1). Used by the Connect2id server to delegate
authorisation for the requested token.
- SPI for handling third-party issued JWT bearer assertion grants (see
RFC 7523, section 2.1). Used by the Connect2id server to delegate
validation of the JWT and authorisation for the requested token.
- SPI for handling client-issued (self-issued) SAML 2.0 bearer assertion
grants (see RFC 7522, section 2.1). Used by the Connect2id server to
delegate authorisation for the requested token.
- SPI for handling third-party issued SAML 2.0 bearer assertion grants (see
RFC 7522, section 2.1). Used by the Connect2id server to delegate validation
of the SAML 2.0 assertion and authorisation for the requested token.
- SPI for sourcing Java properties to be merged into the system
properties at Connect2id server startup. Can be used to override selected
or all Connect2id server configuration properties.
- SPIs for listening to ID and access token issue events.
- SPI for encoding and decoding authorisations for self-contained access
tokens into JWT claims sets. Configurable via Connect2id server
properties.
- SPI for generating and decoding identifier-based access tokens.
Configurable via Connect2id server properties.
- SPI for customising token success and error response. Can be used to
include additional parameters in the token response, such as an
"authorization_details" parameter required in OAuth 2.0 Rich Authorization
Requests.
- SPI for shaping token introspection responses (RFC 7662, section 2.2).
May be used to return only scopes specific to the requesting protected
resource, in order to prevent leaking of authorisation information when
issuing tokens for multiple resources.
- SPI for intercepting HTTP requests at the client registration endpoint.
Can be used to process software statements (RFC 7591, section 2.3) and
signed (JWT) registration requests.
- SPI for performing additional validation of metadata of OAuth 2.0
clients and OpenID Connect relying parties during registration (initial and
update).
- SPI for performing additional validation of Pushed Authorisation
Requests (PAR).
- SPI for encoding client secrets before persisting them to storage.
Download
Official releases of the Connect2id Server toolkit are pushed to Maven Central
under
GroupId: com.nimbusds
ArtifactId: c2id-server-sdk
These include the library’s source code, compiled JAR and JavaDocs.
To add the SDK to your Maven project use the following template:
<dependency>
<groupId>com.nimbusds</groupId>
<artifactId>c2id-server-sdk</artifactId>
<version>[version]</version>
</dependency>
where [version] should match the expected by the particular
Connect2id Server version you're running.
Questions or comments?
Email [email protected]